The product I'm working on, is using OC4J 18.104.22.168.0. We need to disable dmsoc4j so that no one can access urls like http://<agent host>:<port>/dmsoc4j/Spy. It seems this is protected from OC4J 10.x and not in 9.x. So we are thinking of disabling url somehow. Is it possible to disable dmsoc4j in 9.x? Or is there any better way to restrict access to such urls apart from upgrading OC4J to 10.x?
One of our systems used to do this by putting some lines in <HOME>\Apache\Apache\conf\mod_oc4j.conf
Deny from all
And then the same again using AggreSpy instead of Spy.
We don't use that version any more, in fact it was before my time, but I presume it worked.